Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/dgxQsRef3NTUwKl8YwiepWxPARE.roa
File:                     dgxQsRef3NTUwKl8YwiepWxPARE.roa (raw, json)
Hash identifier:          kVinE7gLuzzopJsn0ZV+edhtMFtR/8gJhTn+5iRwN6E=
Subject key identifier:   76:0C:50:B1:17:9F:DC:D4:D4:C0:A9:7C:63:08:9E:A5:6C:4F:01:11
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       018CC3B675B208E4842E30C6E924811098B9
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/dgxQsRef3NTUwKl8YwiepWxPARE.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199018
IP address blocks:        2a05:4140:25::/48 maxlen: 48
                          2a05:4140:200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:75:b2:08:e4:84:2e:30:c6:e9:24:81:10:98:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=760c50b1179fdcd4d4c0a97c63089ea56c4f0111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:61:8f:4f:c3:33:05:54:8c:71:cd:03:f9:94:
                    2c:5f:2a:c7:28:1c:64:af:03:75:49:95:c2:1e:66:
                    ff:19:d8:ca:2b:54:f9:33:46:3d:b3:62:13:01:4c:
                    ac:1b:9a:21:0c:f7:c2:ae:9a:82:1a:ca:80:54:5f:
                    46:c6:b0:bc:d6:2e:ed:46:94:4a:9a:be:4d:1f:c7:
                    c1:3b:c6:03:95:eb:74:fa:07:13:13:e4:69:79:07:
                    c4:ec:05:4c:d4:6a:ba:57:84:2a:b4:5d:25:91:a4:
                    3e:48:bb:83:9c:64:c5:f0:22:39:cd:37:40:2b:01:
                    e3:e3:0b:34:8f:d9:a7:07:80:20:3d:84:18:07:c8:
                    3d:0c:3f:59:99:0e:86:15:77:3a:04:96:41:b6:0f:
                    6b:7c:ef:b6:b7:1d:1c:2b:45:22:99:08:14:e6:33:
                    02:54:3f:3a:a8:4b:78:ac:f0:92:22:74:d2:3d:da:
                    6d:6c:66:fb:24:a8:1b:dc:fa:33:7a:33:2b:09:7b:
                    83:dc:56:fe:96:97:ec:7d:2d:e8:a3:13:0f:79:a1:
                    4d:c6:ba:d0:82:8e:68:16:5b:5d:ac:45:e0:1d:00:
                    13:83:ac:ae:dc:3b:56:41:62:35:69:ca:ac:01:0b:
                    c5:42:cd:cd:21:21:5d:03:c0:e7:85:49:0f:71:aa:
                    64:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:0C:50:B1:17:9F:DC:D4:D4:C0:A9:7C:63:08:9E:A5:6C:4F:01:11
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/dgxQsRef3NTUwKl8YwiepWxPARE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:25::/48
                  2a05:4140:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         58:65:80:dc:f1:e7:d8:64:63:c6:7c:fe:ec:6b:fc:23:80:70:
         c0:79:12:9f:7f:86:17:ac:01:5b:54:89:de:92:86:50:00:40:
         25:2f:5b:04:25:8b:ad:58:db:65:1f:68:39:f6:89:fb:9b:2b:
         47:0e:cb:a9:f2:2f:a2:6e:dd:8a:cb:9c:b5:af:cd:12:f4:d0:
         40:4b:f9:7b:72:a4:73:a4:47:b0:4b:5a:5e:7d:62:9e:98:bb:
         a7:ee:d9:27:25:a9:c2:b2:5c:82:43:3b:22:04:30:dd:76:ed:
         bb:70:76:38:8f:d2:08:5a:1a:a8:a0:7c:97:06:9e:c7:73:3d:
         ec:bd:af:cb:be:a4:fc:2a:ff:df:f1:d4:8a:28:ab:de:fa:78:
         ca:48:2e:ae:dd:69:39:ce:3c:59:28:d7:1b:9d:60:6f:d0:70:
         c9:47:e8:70:ca:63:b3:3a:6c:da:1d:0a:71:4f:d8:0f:37:a8:
         35:14:34:91:c8:5b:7c:fa:5a:81:71:1c:10:16:b5:a6:42:4d:
         5d:02:26:12:35:6b:8d:9e:1b:fb:56:80:f7:36:9d:d9:46:7b:
         3f:3c:c3:4c:92:93:45:77:72:41:fd:5c:66:f9:5f:c1:34:f4:
         df:fe:05:c3:72:59:ab:59:f3:b2:ff:cf:40:4b:f8:77:43:cf:
         83:86:db:fd
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzDtnWyCOSELjDG6SSBEJi5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjBjNTBiMTE3OWZkY2Q0ZDRjMGE5N2M2MzA4OWVhNTZjNGYwMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GGPT8MzBVSMcc0D+ZQsXyrHKBxk
rwN1SZXCHmb/GdjKK1T5M0Y9s2ITAUysG5ohDPfCrpqCGsqAVF9GxrC81i7tRpRK
mr5NH8fBO8YDlet0+gcTE+RpeQfE7AVM1Gq6V4QqtF0lkaQ+SLuDnGTF8CI5zTdA
KwHj4ws0j9mnB4AgPYQYB8g9DD9ZmQ6GFXc6BJZBtg9rfO+2tx0cK0UimQgU5jMC
VD86qEt4rPCSInTSPdptbGb7JKgb3PozejMrCXuD3Fb+lpfsfS3ooxMPeaFNxrrQ
go5oFltdrEXgHQATg6yu3DtWQWI1acqsAQvFQs3NISFdA8DnhUkPcapkGwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFHYMULEXn9zU1MCpfGMInqVsTwERMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvZGd4UXNSZWYzTlRVd0tsOFl3aWVwV3hQQVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgVBQAAl
AwYAKgVBQAIwDQYJKoZIhvcNAQELBQADggEBAFhlgNzx59hkY8Z8/uxr/COAcMB5
Ep9/hhesAVtUid6ShlAAQCUvWwQli61Y22UfaDn2ifubK0cOy6nyL6Ju3YrLnLWv
zRL00EBL+XtypHOkR7BLWl59Yp6Yu6fu2SclqcKyXIJDOyIEMN127btwdjiP0gha
GqigfJcGnsdzPey9r8u+pPwq/9/x1Iooq976eMpILq7daTnOPFko1xudYG/QcMlH
6HDKY7M6bNodCnFP2A83qDUUNJHIW3z6WoFxHBAWtaZCTV0CJhI1a42eG/tWgPc2
ndlGez88w0ySk0V3ckH9XGb5X8E09N/+BcNyWatZ87L/z0BL+HdDz4OG2/0=
-----END CERTIFICATE-----